What is X-Registry-Auth for Docker for Private Registry

Question

What is X-Registry-Auth for Docker for Private Registry

What should be the contents of the X-Registry-Auth header when clicking on a Docker image in a private registry using the REST API ? Per Using the Docker API to access a private registry , the X-Registry-Auth header is required. https://groups.google.com/forum/#!topic/docker-user/vXcA8fsCNZM suggests that the value should be a base64 encoded JSON string of the form:

{'username': string, 'password': string, 'email': string, 'serveraddress' : string}

After setting the appropriate environment variables, I did:

XRA=`echo "{\"username\": \"${USERNAME}\", \"password\": \"${PASSWORD}\", \"email\": \"${EMAIL_ADDRESS}\", \"serveraddress\" : \"${SERVER_ADDRESS}\"}" | base64 --wrap=0`
curl  -v --request POST --header "X-Registry-Auth: $XRA" http://$DOCKER_HOST/v1/images/$REGISTRY/$NAMESPACE/$REPOSITORY?tag=$TAG

And get an answer 403 Forbidden.

Perhaps the problem is that I do not know what the values should be. How can I identify them? Docker seems to have a way; sudo docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$TAGworks fine.

+4

docker docker-registry

kalantar Aug 29 '14 at 1:21

source share

3 answers

Miguel Ángel Fernández · Answer 1 · 2016-11-18T12:21:31+0000

I had private docker repository (Docker Api v2) and for me this was the solution:

 XRA=`echo "{ \"username\": \"yourname\", \"password\": \"yourpass\", \"email\": \"youmail@example.org\" }" | base64 --wrap=0`
 curl  -X POST  -d "" -H "X-Registry-Auth: $XRA" http://localhost:4243/images/create?fromImage=private.host:19003/imagename&tag=latest

Neil katin · Answer 2 · 2014-08-29T19:41:42+0000

I think you are missing two encoding layers. The actual code that the header is generating (from github )

def encode_header(auth):
    auth_json = json.dumps(auth).encode('ascii')
    return base64.b64encode(auth_json)

def encode_full_header(auth):
    """ Returns the given auth block encoded for the X-Registry-Config header.
    """
    return encode_header({'configs': auth})

So you need an external map {'configs': [array of auth entries]}, all encoded by json-then-base64.

esnible · Answer 3 · 2014-09-19T19:50:48+0000

docker login --username $USERNAME --password $PASSWORD --email $EMAIL_ADDRESS $SERVER_ADDRESS

, , "Login Succeeded".

, $NAMESPACE $USERNAME. v1.13 v1.

What is X-Registry-Auth for Docker for Private Registry

More articles: